When using other systems that are integrated with SAP Fiori launchpad, after logging
out, an open browser window may still contain session cookies. A user who has access to the
open browser window can access these systems without having to authenticate. The solution
described in this topic ensures that session cookies of all systems are removed when logging
out from SAP Fiori launchpad.
SAP Fiori launchpad allows access to systems other than the SAP Fiori launchpad front-end
server, which serves the URL to start:
- SAP Fiori launchpad
- UI-related resources
- REST and OData services for running the launchpad
Note To keep the complexity of the system landscape to a minimum, we recommend
having only one SAP Gateway server for all
OData services used in SAP Fiori scenarios.
For the following scenarios, logging out is performed completely and you do not need
to perform the extra logout configuration described in this topic.
- SAP Fiori launchpad front-end server.
- Enterprise Search system (AS ABAP).
- Systems used to load remote tile catalogs, such as SAP HANA KPI tiles for
SAP Smart Business.
- SAP Lumiraâ„¢ running in SAP Fiori launchpad.
Note For releases of SAP Lumira prior to 1.18,
it is necessary to perform the configuration as described in SAP Note
2010502 .
- Systems that are accessed to start Web Dynpro ABAP or SAP GUI for HTML applications in the
SAP Fiori launchpad based on report launchpad customizing with specific
application types (not plain URL) - either through SAP Web Dispatcher or
directly on the system.
For all other scenarios, it is necessary to do the following:
- On SAP Web Dispatcher: Maintain a logout rule symmetric to the rule causing
the system login so that the logout URLs are routed to the correct
system.
- On SAP Fiori launchpad front-end server: Define a custom logout page for the ICF node
/sap/public/bc/icf/logoff, which ensures that all
logout URLs are requested. Thus the missing logouts are guaranteed to take
place when logging out from the front-end server.